package com.boco.blch.analysiser.compliance.HW.data;

import com.boco.blch.analysiser.compliance.ComplianceResolved;
import com.boco.blch.analysiser.util.XmlUtil;

/**
 * HDFS用户访问权限控制安全基线要求项 【数据节点】   
 * 1、找到配置文件 hdfs-site.xml的配置项 dfs.datanode.data.dir.perm的值为700；
 * 2、找到配置文件 hdfs-site.xml的配置项 dfs.datanode.data.dir的值对应的文件夹以及子文件夹的目录权限是 700
 * 3、Hadoop.security.group.mapping的值为：org.apache.hadoop.security.ShellBasedUnixGroupsMapping
 * 4、 /opt/huawei/bigdata/etc/2_20_DateNode/core-site.xml的配置项hadoop.security.authorization 的值 为 true;
 *
 * @author admin
 *
 */
public class BOCO_Hdfs_VisitCtl_UserVisitCtl implements ComplianceResolved {
	
	private final static String CORE_NAME = "hadoop.security.authorization";
	private final static String HDFS_NAME = "dfs.datanode.data.dir.perm";
	private final static String HDFS_MAP_NAME = "hadoop.security.group.mapping";
	private final static String HDFS_MAP_VALUE = "org.apache.hadoop.security.ShellBasedUnixGroupsMapping";
	
	//private final static String FLODER_PERMISSIONS = "drwx------";//文件夹权限为700

	@Override
	public int realEchoResolved(String echoResult) {
		int result = FAILED;
		if(echoResult != null && echoResult.length() > 0 && echoResult.indexOf("DataNode-start") != -1){
			String strResult = echoResult.substring(echoResult.indexOf("DataNode-start")+"DataNode-start".length(), echoResult.indexOf("DataNode-end"));
			result = getResult(strResult);
		}
		return result;
	}
	
	/**
	 * 【数据节点】
	 * 1、找到配置文件 hdfs-site.xml的配置项 dfs.datanode.data.dir.perm的值为700；
	 * 2、找到配置文件 hdfs-site.xml的配置项 dfs.datanode.data.dir的值对应的文件夹以及子文件夹的目录权限是 700
	 * 3、Hadoop.security.group.mapping的值为：org.apache.hadoop.security.ShellBasedUnixGroupsMapping
	 * 4、 /opt/huawei/bigdata/etc/2_20_DateNode/core-site.xml的配置项hadoop.security.authorization 的值 为 true;
	 * @param echoResult
	 * @return
	 */
	private int getResult(String echoResult){
		int result = FAILED;
		System.out.println("getResult----------------------------------------");
		if(echoResult != null && echoResult.indexOf("core-site-start") != -1){//core-site.xml解析
			String coreXml = echoResult.substring(echoResult.indexOf("core-site-start")+"core-site-start".length(), echoResult.indexOf("core-site-end"));
			System.out.println("coreXml---:"+coreXml);
			if(coreXml != null && coreXml.length() > 0){
				String value = XmlUtil.getValueByName(coreXml, CORE_NAME).trim();
				System.out.println("value-------------:"+value);
				///opt/huawei/bigdata/etc/2_20_DateNode/core-site.xml的配置项hadoop.security.authorization 的值 为 true;
				if(value != null && value.equals("true")){
					System.out.println("1111**********************************");
					result = SUCCESS;
				}else{
					result = FAILED;
				}
			}
		}
		if(result == SUCCESS){
			System.out.println("2222*************************");
			//hdfs-site.xml，
			String hdfsXml = echoResult.substring(echoResult.indexOf("hdfs-site-start")+"hdfs-site-start".length(), echoResult.indexOf("hdfs-site-end")).trim();
			if(hdfsXml != null && hdfsXml.length() > 0){
				String enabledValue = XmlUtil.getValueByName(hdfsXml, HDFS_NAME).trim();//QueueA,QueueB
				System.out.println("hdfs-----value------"+enabledValue);
				//dfs.permissions.enabled的值为true；
				//配置文件 hdfs-site.xml的配置项 dfs.datanode.data.dir.perm的值为700；
				if(enabledValue != null && enabledValue.length() > 0 && enabledValue.equals("700")){
					result = SUCCESS;
					//Hadoop.security.group.mapping的值为：org.apache.hadoop.security.ShellBasedUnixGroupsMapping
					String modeValue = XmlUtil.getValueByName(hdfsXml, HDFS_MAP_NAME).trim();
					System.out.println("modeValue----------------:"+modeValue);
					if(modeValue != null && modeValue.length() > 0 && modeValue.equals(HDFS_MAP_VALUE)){
						result = SUCCESS;
					}else{
						result = FAILED;
					}
				}else{//hdfs-site.xml相关配置项没有值
					result = FAILED;
				}
			}
		}
		if(result == SUCCESS){//判断文件夹及子文件夹权限
			System.out.println("判断文件夹及子文件夹权限-----------------------------");
			String hdfsXml = echoResult.substring(echoResult.indexOf("value-start")+"value-start".length(), echoResult.indexOf("value-end")).trim();
//			if(hdfsXml == null || hdfsXml.length() <= 0 || hdfsXml.contains(NotFindFile) 
//					|| hdfsXml.contains(NoPermission2) || hdfsXml.contains(NoPermission3)){//目录不存在  不合规
//				result = FAILED;
//			}else{
			System.out.println("dir_value===================:"+hdfsXml);
			hdfsXml = echoResult.substring(echoResult.indexOf("dir-start")+"dir-start".length(), echoResult.indexOf("dir-end")).trim();
			if(hdfsXml == null || hdfsXml.length() <= 0){
				result = SUCCESS;
				 
				/*String []dirStr = hdfsXml.split("\n");
				for (int i = 0; i < dirStr.length; i++) {
					String str = dirStr[i].trim();
					if(str != null && str.length() > 0 
							&& str.startsWith("dr") && str.contains(FLODER_PERMISSIONS)){
						result = SUCCESS;
					}else{
						System.out.println("dr--------------------------------------:"+str);
						result = FAILED;
						break;
					}
				}*/
			}
//			}
			
		}
		return result;
	}
	
	


}
